Massive Yahoo Hack Further Argument for Better Password Protection

A 2014 Yahoo hack potentially represents by far the biggest data theft on record, with information from up to 500 million accounts stolen. Yahoo is blaming “state-sponsored” hackers, but that remark may be diversionary, as an inside job appears likelier. The email host, news, and search engine giant claims that the hackers “are no longer in [its] corporate network,” and that it didn’t believe any truly compromising data was among what was stolen from the half-billion accounts. That would include unprotected passwords, payment card information (PCI), or bank account information. That’s a lot of information that Yahoo can suddenly vouch for, after allowing such an egregious data breach in the first place.

A Wall Street Journal article, updated Sept. 22, highlights the fact that Yahoo claims this was the work of state-sponsored hackers “in another nation”; it also calls into question the coincidental timing of the $4.8 billion Verizon buy-out deal, announced July 25. Yahoo began its investigation into “claims by hackers” that they were negotiating to sell 280 million Yahoo usernames and passwords just before the deal with Verizon was announced. It all smells more than fishy, with this food for thought stemming from the “big breach”:

Verizon would benefit from a downgrade in Yahoo stock after the hacking announcement.

What is the actual black-market value of Yahoo passwords anyway?

How can Yahoo verify state-sponsored hijacking of half a billion of its accounts, but not be able to provide security enough to protect those accounts?

How the Yahoo Hack Affects You

It’s hard to say just who is directly benefitting from this biggest hack ever, but one thing is for certain – the losers, once again, are the account holders themselves. So, it appears users of any Web-based services must resort to deeper password encryption – in spite of Yahoo corporate claims that no sensitive or financially injurious information was acquired by the, er, “state-sponsored” hackers. Obviously, no one is 100-percent safe from hackers or data breaches, but we can choose to better arm ourselves, and not leave data security to free email hosts or even so-called “secure” third-party transaction platforms like PayPal.

Don’t worry, though, the FBI is on top of the matter. “We take these types of breaches very seriously and will determine how this occurred and who is responsible,” so they claim. One can’t fail to notice that this incident closely parallels the announced $26.2 billion buy-out of LinkedIn by Microsoft, following LinkedIn’s own colossal data breach in 2012 that affected 117 million of its users. And, one wonders, who’s really benefitting from all this data theft and these billion-dollar buy-outs? Beyond the conspiracy theories are the hard facts, though – huge data breaches affect us all, especially when we get lazy about the safeguarding of our personal data.

Yahoo claims the stolen passwords were encrypted, but the huge number of them, plus the fact that any determined and resourceful hacker can decrypt such passwords with “cracking” software, doesn’t really impart any measure of assurance. Security experts are recommending that anyone using login data online add a second layer of authentication to their accounts (two-factor authentication) and routinely change their passwords. And of course, Yahoo itself is advising users to change their passwords and security questions.

Need IT Assistance?

If you’re not sure how to better encrypt your personal data, Data Magic Computer Services is the leader in providing cybersecurity and IT consulting in Dallas/Fort Worth. Contact one of our expert IT staff at (469) 635-5500 or send us an email at helpme@datamagicinc.com for more help with this issue.